Time to adjust your IT and Cybersecurity Policies

IT and Cybersecurity Policy

At the end of 2019, when the news about a certain virus started to make headlines, not many people considered it to be the start of a global pandemic affecting lives, economies and businesses worldwide.

Fast Forward, 6 months into the pandemic if not everything, most aspects of business and how we go about it seem to be altered altogether. While companies such as Google and Facebook are allowing employees to work from home until 2021. Others such as Square and Twitter decided to switch to complete work from home model even after the COVID-19 shelter in place order ends.*

With so many changes happening around us one thing seems to be certain business as we know it is looking at a drastic change in the coming years. So how exactly does this impact IT and what can be done? We’ll explain …

According to an article on Fast Company  IT employees have been suggested to be the one group of employees facing a more critical role and subsequent burnout during the WFH/pandemic situation.

This can be largely attributed to the fact that now companies are forced to switch their business to an online model. IT departments and their jobs become even more critical. Not only do they have to handle the security and data related clientele and projects but also manage the sudden rise in the organization’s traffic to the system. Meaning more security checks, increased cyber-attacks and more vulnerabilities.

Post-COVID a lot of things are bound to change, in times like these the HR teams need to work along with the IT teams in order to ensure regulated workflow and proper training and transition of employees, keeping in mind some of them may have no experience of working remotely.

 “Gartner poll showed that 48% of employees will likely work remotely at least part of the time after COVID-19 versus 30% before the pandemic.” **

 

How Can You Adjust the IT Policies?

Need for Reinvention

Following the pandemic, there will be a U-shaped economic graph that businesses will have to deal with. Meaning more competition that requires better flexibility and renewed efforts. Businesses need to analyse changes, explore the critical competencies and employees will need to collaborate digitally.

Companies need to be prepared to adjust employee experience strategies. This will require companies to shift how they set goals and evaluate performances to suit a remote context.

Researchers estimate that between 25 and 30 percent of the workforce will be working from home various days a week by the end of 2021.

Increase in Data Collection

With a large pool of employees working remotely. Companies will rely heavily on using technology to monitor performance. This can range from virtual clocking in and out, internal communications to tracking work computer usage. Although this has been a practice since before the pandemic. Companies will now be required to track employee health and data safety through remote technology. Make sure to follow best practices for responsible usage of employee information and analysis.

Growth in Contingent Worker Expansion

As mentioned above, many companies are cutting down on the workforce resulting in many losing their jobs. Reports suggest, with a looming economic crisis and budget issues, companies will continue to grow their use of contingent workers in order to maintain flexibility and talent sharing such as 80% pay for 80% work done. This means more remote/ contract-based workers who may or may not be familiar with the pre-existing work culture and security norms in place. This is why companies will have to carefully articulate Policies on who they hire and how much access is given to them and what happens when they leave the organization.

Expansion in The Social Role A Company Plays

Given the context of a pandemic, employers are now required to provide a social safety net to their employees. Now businesses have to consider an employee’s physical, financial and mental well-being. This means enhanced support which accommodates, sick leaves, adjusted work hours and increased financial assistance. HR and IT teams will be required to monitor and analyze employee performance and any work-related grievances and address them in order to avoid work disruptions and ensure easy workflow.

Geographic Diversification

Companies will aim for geographical diversification in order to expand and diversify their current market. This can help a company combat an economic crisis as it did during the global recession. The rise is complex sizing and organization management will call for a strategic approach to employee management and monitoring. With a growing company size, IT teams will need to set up greater online support and monitoring systems that accommodate the growing needs of the company and its teams.

Contactless Technology

Tech experts are already predicting a future for facial recognition, mobile tracking and motion sensors to become a norm inside office spaces. While designers are recommending an “open-plan office” that helps maintain distance as well as boost productivity. This means that employees will be subjected to contactless pathways that enable them to avoid touching items such as doorways and in-office resources from doorways, coffee machines to computers. Meanwhile, IT teams will need to work on maintaining authentic authorization in order to ensure safety and access. Storing and securing such private data is another concern that the IT department will need to handle.

Cybersecurity Changes

Companies will be required to create a safe path in order to maintain client data privacy and access. While most companies will provide employees with VPNs and other technology tools to ensure some sectors could rely on blockchain to preserve access to information. Companies dealing with large amounts of data can consider the use of software such as Cymulate and XM Cyber (so-called ‘breach and attack software’), which simulate attacks to test employee reactions to different scenarios.

What steps can your IT department take today to prepare for COVID-19?

While many organizations do have an IT policy in place, rarely do they have one that includes aspects of business and it’s associates for example those who are contingent workers, or in different departments such as marketing and HR.

In the given scenario it’s important to consider and recheck the scalability of your resources in order for it to stay inclusive as well as acknowledge both regular employees as well as non-billable employees who may not be a part of the regular system.

Here are some IT checklist pointers you can include into your revised policy:

Cross Check your Licences

Since most of the remote IT licenses used by the company may be working based on the assumption the business is running as per pre-COVID times. There may be issues such as limited connections. This may directly affect the workflow and therefore it becomes necessary for departments to ensure additional user access has been added before the grace period ends. IT software such as Microsoft and Cisco even acknowledge the rise in traffic due to enforced WFH policies across organizations and may have additional resources available to support the same.

Ensure System Scalability

Many remote platforms have a common threshold when it comes to the number of users it can handle on behalf of an organisation. Generally, access systems such as Microsoft and Citrix VDI have been designed to support 20% of the total workforce that can work remotely at a given time. When the number of users increase the system access will directly affect user experience. Conduct load testing and user stimulation products to check the limits of your remote access systems or contact your service provider to upgrade and help with scalability.

Check Your Security

Below we do mention the reasons why security concerns may arise when a large group of employees pivot to working remotely. Security and access can cause breach incidents that can be avoided if certain steps have been implemented on time. Consider ensuring employees are educated on remote working policies and appropriate security measures such as VPNs and multi factor authorization have been put in place to avoid unnecessary security risks.

Check Your Communication methods

With departments and teams collaborating virtually. It’s important that accurate methods of communication have been set in place. From virtual presentations to chats or even video conferencing, ensure a secure and stable platform is in place for the entire organization to communicate and collaborate. Choose a safe and trusted vendor such as Slack or Microsoft Teams that allows good storage and multiple collaboration options for the entire organisation.

Perform User Acceptance Testing

Having all the above-mentioned points will only prove to be fruitful if the employees work on it. Consequently, ensuring employees are able to work from home before they begin working remotely would be crucial for enforcing policies created by the company. Create or follow a WFH checklist and share the same with your employees in order to help them transition to a work from home model with ease. Ensure that each employee has understood and enforced the said checklist and provide additional help desk support to those who may have any queries.

 

Why do you need to practice Cybersecurity Hygiene?

Here are some stats to help you understand how COVID-19 has changed the workspace:

According to WFH Cybersecurity Threat Index by Morphisec.

  • 56% of employees are using their personal computers as their company’s go remote in response to COVID-19.
  • 49% said this was their first experience working remotely/WFH.
  • The most common tip employees received from their IT teams was regarding malicious emails, pop-ups and to install anti-virus software.
  • Unfortunately, 20% said they did not receive any tips from their IT team while switching to a WFH model.

The COVID-19 crisis has accelerated the long-term shift towards remote workforces by 5-10 years,” said Andrew Homer, VP of Security Strategy at Morphisec. *** 

But in what ways can IT teams adapt to the changes brought on by WHF?

  • opt for cybersecurity hygiene
  • Ensure workplace network safety
  • Educate employees about common Cybersecurity attacks and how to report them
  • Ensure multi-level authentication
  • Restrict access without authorization
  • Limit authorization only to those who need it
  • Separate network nodes so the entire system isn’t affected
  • Maintain regular cybersecurity assessments and checks
  • Follow the guidelines suggested during the pandemic by the NYDFS and other government authorities.

 

CompCiti has created a Cybersecurity assessment. Below mentioned are Cybersecurity hygiene checklists to ensure your business isn’t exposed to any sort for cyberspace security risks.

  • Scan your network for vulnerabilities.
  • Patch with vendor IVA updates.
  • Review and analyse data.
  • Establish and follow a set pattern for network security coverage.
  • Encrypt sensitive data and emails.

 

For more details on Cybersecurity and assessment contact CompCiti experts or book an appointment with us.

 

* https://www.theverge.com/2020/5/18/21261798/square-employees-work-from-home-remote-premanent-policy-ceo

** https://www.gartner.com/smarterwithgartner/9-future-of-work-trends-post-covid-19/

*** https://www.securitymagazine.com/articles/92571-increasing-cybersecurity-gaps-and-vulnerabilities-due-to-remote-work-during-covid-19